- <sec:authentication property="name"></sec:authentication>
<div>username : <sec:authentication property="name"/></div>
.getAuthentication()
.getPrincipal();
if (principal instanceof UserDetails) {
String username = ((UserDetails)principal).getUsername();
} else {
String username = principal.toString();
}
在经过Spring Security认证之后,Security会把一个SecurityContextImpl对象存储到session中,这个对象中存有当前用户的信息。
SecurityContextImpl securityContextImpl = (SecurityContextImpl) request.getSession().getAttribute("SPRING_SECURITY_CONTEXT");
//登录名
System.out.println("Username:" + securityContextImpl.getAuthentication().getName());
//登录密码,未加密的
System.out.println("Credentials:" + securityContextImpl.getAuthentication().getCredentials());
WebAuthenticationDetails details = (WebAuthenticationDetails)securityContextImpl.getAuthentication().getDetails();
//获得访问地址
System.out.println("RemoteAddress" + details.getRemoteAddress());
//获得sessionid
System.out.println("SessionId" + details.getSessionId());
//获得当前用户所拥有的权限
List<GrantedAuthority> authorities = (List<GrantedAuthority>)securityContextImpl.getAuthentication().getAuthorities();
for (GrantedAuthority grantedAuthority : authorities) {
System.out.println(“Authority” + grantedAuthority.getAuthority());
}
在spring security3 获取所有的登录用户
import java.text.Format;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.session.SessionInformation;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.core.userdetails.User;
import org.springframework.stereotype.Component;
@Component("getUser")
public class GetUser {
@Autowired
//利用spring注入后就可以取所有登录用户,不能加static属性,否则会取不到
private SessionRegistry sessionRegistry;
private Format ft = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
public void findlgUser() {
List<Object> slist = sessionRegistry.getAllPrincipals();
String json = "共 " + slist.size() + " 用户登录,服务器时间:" + ft.format(new Date()) + "\n";
for(int i=0; i<slist.size(); i++) {
User u =
(org.springframework.security.core.userdetails.User) slist.get(i);
json = json + "第 " + (i+1) + " 个用户 => " +
"用户名:" + u.getUsername() + "\n";
//第二个参数表示是否取单点登录时,超出限制而被弹出用户
List<SessionInformation> ilist = sessionRegistry.getAllSessions(slist.get(i), true);
json = json + "----" + ilist.size() + " 处登录\n";
for(int j=0; j<ilist.size(); j++) {
SessionInformation sif = ilist.get(j);
json = json + "--------" + (j+1) +
" 最后访问时间:" + ft.format(sif.getLastRequest()) +
" session:" + sif.getSessionId() +
" 限制登录:" + sif.isExpired() + "\n";
//强制退出1.将其限制,2.将其移除,使用第一种比较好
//sif.expireNow();
//sessionRegistry.removeSessionInformation(sif.getSessionId());
}
}
}
}
在JSF的ManagedBean中获得request session对象以及写入和读取的method:
获得request对象:
FacesContext context = FacesContext.getCurrentInstance();
ExternalContext ec = context.getExternalContext();
HttpServletRequest request = (HttpServletRequest)ec.getRequest();
获得session对象:
FacesContext context = FacesContext.getCurrentInstance();
ExternalContext ec = context.getExternalContext();
HttpSession session = (HttpSession) ec.getSession(true);
写入session:
FacesContext.getCurrentInstance().getExternalContext().getSession(true);
FacesContext.getCurrentInstance().getExternalContext().getSessionMap().
put(key[String],value[object]);
读取session:
public String getTestSession()String testSession =FacesContext.getCurrentInstance().getExternalContext().getSessionMap().get("usersession").toString();
System.out.println(testSession);
return testSession;
}